Impact
A race condition exists in the Linux kernel between the PSI (pressure) write operation and the release of a cgroup file. The kernel may free the "priv" member of a struct kernfs_open_file during cgroup removal while a pressure write concurrently accesses it, leading to a use‑after‑free that can trigger a kernel panic. This weakness is classified as CWE‑367 (Race Condition). The primary impact is a denial‑of‑service via a kernel crash.
Affected Systems
All Linux kernel releases that compile with cgroup pressure support (CONFIG_CGROUPS_PSI) are affected until the patch that extends the cgroup_mutex lock to cover all uses of the "priv" pointer in cgroup.c is applied. The fix has been merged in commit 03dc070fa0fc3cb4068693f468ccd5f8a7e58282 and shipped to current stable kernel series.
Risk and Exploitability
The CVSS score of 7.8 indicates high severity, while the EPSS score of < 1 % suggests a low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The race involves concurrent operations on the cgroup pressure interface; based on the description, it is inferred that an attacker would need the ability to trigger a PSI write and delete a cgroup directory—capabilities typically available only to a local user with sufficient privileges. The main consequence is a kernel crash that disables the impacted system. No evidence of privilege escalation or data disclosure exists in the available information.
OpenCVE Enrichment